We are not advancing to the 3.3 or 4.0 branches at the moment, as neither
will work with our native JDK without a lot more work.
Changes since Tomcat 3.2.3 (the last pkgsrc version):
7.1 Fixes and Enhancements in Release 3.2.4
This section highlights the bugs fixed in this release.
- Cookie name expires is a reserved token (#1114)
- Thread initialization problem in thread pool (#1745)
- AJP12 returned invalid HTTP headers when redirecting to very
long URLS (#2333)
- Fixed casting problem in JspFactoryImpl.getPageContext(). (#4260)
- Setting sesstion-timeout in web.xml did not prevent sessions from
timing out. (#4412)
- Fixed race condition in ServerSocketFactory.getDefault(). (#4418)
- Removed the restrictions on encoded spcecial characters in URLs
that was added as a security precaution in 3.2.3. The encoded
special characters are not decoded and remain the URL and
path info returned to servlets.
- Jk_nt_service now supports the ability to be restarted automatically
by the Windows 2000 service control manager if Tomcat terminates
abnormally.
- Fixed invalid servlet mapping in web.xml generated by JspC (#3474, #3499)
- Added findResource() and findResources() to AdaptiveClassLoader12
- A Date: HTTP header is now sent in responses when running stand
alone. (#345)
- Simple held on to a reference to removed objects preventing
garbage collection.
- Tomcat 3.2.4 now ships with JAXP 1.1. Prior releases used
JAXP 1.0.1. Tomcat 3.2.4 remains completely compatible with
the older version of JAXP and there is no requirement for users
to upgrade to JAXP 1.1 unless their applications require the new
version.
- Fixed NullPointerException in HttpConnectionHandler. (#4577)
7.2 Security Vulnerabilities fixed in Tomcat 3.2.4
The randomness of generated session ids has been enhanced to prevent the
generation of guessable ids.
foo-* to foo-[0-9]*. This is to cause the dependencies to match only the
packages whose base package name is "foo", and not those named "foo-bar".
A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net. Also
change dependency examples in Packages.txt to reflect this.
so we need to set -I to get the headers there. (There's some
-I.../include/netbsd already, i guess that's for a NetBSD-native JDK or
something, not touching that one).
Adresses PR 12571 by Omar Asfour <oasfour@email.com>
Jakarta Tomcat of JServ from Apache.
Some more information:
What is mod_jk?
mod_jk is a replacement to the elderly mod_jserv. It is a completely
new Tomcat-Apache plugin that handles the communication between
Tomcat and Apache
Why mod_jk?
Several reasons:
mod_jserv was too complex. Because it was ported from Apache/JServ,
it brought with it lots of JServ specific bits that aren't needed
by Apache.
mod_jserv supported only Apache. Tomcat supports many web servers
through a compatibility layer named the jk library. Supporting two
different modes of work became problematic in terms of support,
documentation and bug fixes. mod_jk should fix that.
The layered approach provided by the jk library makes it easier to
support both Apache1.3.x and Apache2.xx.
Better support for SSL. mod_jserv couldn't reliably identify whether
a request was made via HTTP or HTTPS. mod_jk can, using the newer
Ajpv13 protocol.